Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Browse Source

Update CHANGES and NEWS for new release

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7667)
Matt Caswell 6 years ago
parent
d88ff8962c
commit
548cce63dd
2 changed files with 12 additions and 1 deletions
Split View Show Diff Stats
  1. 10 0
      CHANGES
  2. 2 1
      NEWS

+ 10 - 0
CHANGES
View File 

@@ -22,6 +22,16 @@
 
      (CVE-2018-5407)
 
      [Billy Brumley]
 
 
+  *) Timing vulnerability in DSA signature generation
 
+
 
+     The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
 
+     timing side channel attack. An attacker could use variations in the signing
 
+     algorithm to recover the private key.
 
+
 
+     This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
 
+     (CVE-2018-0734)
 
+     [Paul Dale]
 
+
 
   *) Resolve a compatibility issue in EC_GROUP handling with the FIPS Object
 
      Module, accidentally introduced while backporting security fixes from the
 
      development branch and hindering the use of ECC in FIPS mode.

+ 2 - 1
NEWS
View File 

@@ -7,7 +7,8 @@
 
 
   Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [under development]
 
 
-      o
 
+      o Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)
 
+      o Timing vulnerability in DSA signature generation (CVE-2018-0734)
 
 
   Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018]